FROM THE OFFICE OF PUBLIC AFFAIRS

"Protecting the Financial Sector from Terrorism and Other Threats"

I am pleased to be here in Philadelphia today. With over ten major insurance companies, a U.S. Mint, a Federal Reserve Bank, and one hundred FDIC-insured institutions, Philadelphia houses a significant portion of the critical financial infrastructure of the United States. In addition, the Philadelphia region is an important base for mutual fund companies, such as Vanguard, SEI Investments and Gartmore to name but a few. You, as owners and operators, are already working hard to protect your businesses, employees, and customers. Thank you for your efforts.

The purpose of this conference is to share with you some of the policies and programs that may further help your efforts at physical and cyber resilience and security. In partnership with the FDIC, the Department of the Treasury and our colleagues in the public and private sectors are holding conferences like this in twenty-four cities across the United States. During the conferences, we will reach thousands of professionals like you, owners and operators of our financial infrastructure. We hope you will take advantage of these policies and programs that can further strengthen the critical financial infrastructure of the United States.

Importance of Protecting Our Financial Infrastructure
The resiliency of the financial infrastructure is an issue that is very important to the Department of the Treasury. At the Treasury, we are responsible for developing and promoting policies that create jobs and improve the economy. We are also concerned with developing and promoting policies that enhance the resilience of the economy, policies that minimize the economic damage and speed economic recovery from a terrorist attack. Because of these responsibilities, the President named Treasury as the lead agency to enhance the resilience of the critical financial infrastructure.

These two responsibilities are closely related. As Secretary Snow has said, the financial system is the engine of our economy. In a very real sense, therefore, the resilience of the American economy depends on the resilience of the American financial system.

Fortunately, with an already resilient American economy, we are starting from a very strong base. Over the past few years, we have seen this resilience first hand, as the American economy withstood an economic recession, the terrorist attacks of September 11, corporate governance scandals, and the power outage of August 14-15. Many reasons have lead to the resilience of the American economy. Good policies - like the President's Jobs and Growth Initiative - played an important part. So has the strength and resilience of the American people who are determined to protect our way of life.

Due in part to deregulation of the banking industry and innovation in technology, the American financial system is becoming increasingly more resilient. As recently as this Monday, Federal Reserve Board Chairman Alan Greenspan commented on this resilience, stating that "the more flexible an economy, the greater its ability to self-correct in response to inevitable, often unanticipated, disturbances and thus to contain the size and consequences of cyclical imbalances."

The successful performance of the financial system during the power outage of last August exemplifies this resilience. With one exception, the bond and major equities and futures markets were open the next day at their regular trading hours. Major market participants were also well prepared, having invested in contingency plans, procedures, and equipment such as backup power generators. The U.S. financial sector withstood this historic power outage without any reported loss or corruption of any customer data. This resilience mitigates the economic risks of terrorist attacks and other disruptions, both to the financial system itself and to the American economy as a whole.

Although we are starting from a strong base, the fact remains that terrorists continue to target the U.S. economy and U.S. financial institutions. Therefore, we must continue our vigilant efforts to protect our critical financial infrastructure.

Guiding Principles
Four principles guide our efforts to enhance the resilience of our financial infrastructure. These principles guided our actions as the financial system recovered from the attacks of September 11th. They guided our actions during the power outage of August 14-15. They guide our day to day actions as we prepare for the next disruption.

The first principle is to remember that the financial system is really about people. People, not buildings or computers, produce financial services. And it is people who benefit from financial services.

We depend on people - tellers, technicians, loan officers, technologists - to run the financial system and to see the system through during times of stress. Indeed, it was the commitment of these professionals to their institutions, customers, and colleagues that helped the financial system recover from the attacks of September 11th and weather the power outage of August 14-15.

Just as we depend on people to operate the financial system, people depend on the financial system to remain in operation. Every American depends on financial services to get their paycheck, buy their groceries, purchase a house, finance their children's education, or save for retirement. We must ensure that people continue to have confidence that the financial system will meet their needs.

The second principle is the importance of maintaining confidence. Confidence in the ability of financial institutions to clear checks, execute transactions, and satisfy insurance obligations helps the system weather significant disruption from evolving threats. By relying on a sound financial system, Americans can make business decisions for the future and conduct necessary business in the present.

The third principle is to ensure that the financial system remains accessible and open for business when the safety of the employees permits. During times of disaster, investors depend on markets to price the impact of the disruption on assets. The longer markets are closed, the longer investors must go without knowing what the impact will be. This uncertainty can itself be harmful to the economy, compounding the impact of any disruption. The sooner we can eliminate this uncertainty, the more we can mitigate the impact and speed recovery.

Fourth, we want to promote responsible decision-making and problem-solving within the private sector. In general, financial institutions should make the appropriate decisions without waiting for guidance from Washington. After all, it is the private sector that owns and operates the majority of the financial systems, and therefore knows best how to mend these systems after a disruption.

Organization
With these principles in mind, we have organized ourselves into two main groups. One is the Financial and Banking Information Infrastructure Committee (FBIIC). The FBIIC is sponsored by the President's Working Group on Financial Markets and consists of many state and federal regulators. The FDIC, which organized this conference today, is a member. So too are the Board of Governors of the Federal Reserve System, the Securities and Exchange Commission, the Commodity Futures Trading Commission, the National Association of Insurance Commissioners, the Conference of State Banking Supervisors, and many other important regulators. Treasury chairs the FBIIC.

The other important group is the Financial Services Sector Coordinating Council (FSSCC). The FSSCC consists of virtually every important financial services association in the United States.

The structure of these organizations advances the principles I just spoke about. As the President stated in his National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, "it is important to remember that protection of our critical infrastructures and key assets is a shared responsibility. Accordingly, the success of our protective efforts will require close cooperation between government and the private sector at all levels." These two organizations facilitate that close cooperation and encourage private sector responsibility to protect the critical financial infrastructure without adding unnecessary layers of bureaucracy.

Policies
The four principles - protecting people, maintaining confidence, maintaining access to financial institutions, and promoting de-centralized decision-making and responsibility - shape our policies to enhance the resilience of the U.S. economy. For example, they highlight the importance of developing accurate and timely information about threats and sharing that information with the private sector. As we share more and better information about threats, people in the private sector who own and operate our financial infrastructure can better estimate the risks they bear and can more effectively reduce the probability of a disruption through strategic investments.

Furthermore, as more institutions invest in better security measures, the incentive for other firms to invest will also increase as they realize they might be left behind the competition. This tipping or cascading effect on businesses provides a very efficient and effective means of encouraging optimal investment in our corporate resilience. It also reduces the need for the government to impose costly, inflexible, and potentially ineffective command-and-control security regulations on the private sector.

Programs
I wish to highlight a few of the programs that we have developed. These programs provide you with specific, tangible services that can help make your institutions and your colleagues safer.

Recently, the FBIIC and the FSSCC launched the next generation Financial Services Information Sharing and Analysis Center (FS/ISAC). Since 1999, the FS/ISAC has been a leader in information sharing for the financial sector, allowing members to receive and submit anonymous reports on security threats and solutions. This next generation FS/ISAC, which now serves the entire financial sector, includes both cyber and physical threat information and deploys a secure, confidential technology platform where companies can exchange information in real time as they identify vulnerabilities, address the vulnerabilities, and respond to attempts to exploit the vulnerabilities.

Given the benefits of increased information sharing with the general public, Treasury is pleased to support the next-generation FS/ISAC. I hope that all of you will consider joining the FS/ISAC as members. You can learn more about how your financial institution can benefit from the FS/ISAC at www.fsisac.com.

Another important program is the Government Emergency Telecommunications Service (GETS) program. This program, which is run by the National Communications Service, provides critical members of the private sector priority access to the telecommunication system. In times of emergency when the telephone system experiences heavy traffic, GETS users can complete their calls faster so that they may discuss and coordinate emergency decisions. Since the attacks of September 11, the GETS program has expanded more than six-fold within the financial sector. If you are interested in participating in this program, please contact your primary regulator. Each of the participating regulators serves as the administrative sponsor for the GETS program. If you are already a GETS user, please remember to test your cards on a quarterly basis.

A third important program that the Treasury created is the Protective Response Planning Program. This program brings together federal and local government officials, members of law enforcement and individuals from important financial institutions to develop and coordinate emergency responses to major disruptions at these specific institutions.

During these exercises, government officials - from the local police chief, to the county sheriff, the state police superintendent, the FBI, the United States Secret Service, and still others - coordinate their emergency response plans, in some cases for the first time. The success of these exercises have demonstrated the power of a truly collaborative effort. The Protective Response Planning Program is open to the most critical financial institutions. If you are interested, please contact me.

Thank you for your time today. Thank you for attending this important conference.